IDS mailing list archives

RE: IPS - Cisco vs. McAfee vs. Tippingpoint
From: Hurgel Bumpf <l0rd_lunatic () yahoo com>
Date: Thu, 30 Jul 2009 09:28:08 +0000 (GMT)


Hello David,

The IPS is for the network edge, there are already some F5 load balancers and ASM modules running for protecting the
web apps. We need to unload these.

Thank you,

Andre

--- David Henning <David.Henning () hughes com> wrote on Wed, 29.7.2009:

From: David Henning <David.Henning () hughes com>
Subject: RE: IPS - Cisco vs. McAfee vs. Tippingpoint
To: "Hurgel Bumpf" <l0rd_lunatic () yahoo com>, "focus-ids () securityfocus com" <focus-ids () securityfocus com>
Date: Wednesday, 29 July 2009, 13:05

Since this is for a website, have you
checked some of the web application firewalls like
WebDefend? It does learning and I think has a
threshold to alert for new session spikes, etc. It
installs either in-line or not in-line but with extra ports
available to send RST to both ends, etc.

David Henning, CISSP, GCPM
Hughes Network Systems, LLC
Principal Security Analyst
301-428-5533

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Hurgel Bumpf
Sent: Wednesday, July 29, 2009 8:25 AM
To: focus-ids () securityfocus com
Subject: IPS - Cisco vs. McAfee vs. Tippingpoint


Hi List,

I need to protect a "realtime" website with an inline IPS
from (D)DOS attacks.

I had some bad experience with Tippingpoint UnityOne 2400
field test. The device dropped too many sessions until all
connectivity was lost.
After that no investigation was possible as TP logs all
attack information with IP address 0.0.0.0

The vendor excused this with the layered technology and
passing the IP address from the hardware to the logger would
lead to delayed packages.

This is unacceptable.

I'm now looking forward to testing a Cisco IPS 4270-20 and a
McAfee Network Security 4050 appliance.

Who has a good/bad experience with those devices? Is it true
that all devices don't log IP addresses?

My dream appliance would be able to run like in a 7 day
learning mode which counts max new sessions per second, max
sessions per client aso. After these 7 days it creates a
filter with +x% of the learned values and sets these limits
active.

A big problem is that I have to install it into the
productive system to get the real values. I don't have any
fixed values regarding the new sessions per second and I
can't just guess and set values and render the system
offline.

All information is highly appreciated!

Thank you very much for your time,

Andre
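
The learning mode described in the original post (count peak new sessions per second and peak sessions per client over a learning window, then enforce those peaks plus x%) as an added example; it is not code from any poster or vendor. The event format, function names and sample data are assumptions constructed for illustration, with session open/close events assumed to come from a passive source such as flow records.

```python
import math
from collections import Counter

# Constructed sample of session events from a learning window:
# (unix_second, client_ip, "open" | "close"). Not real traffic.
LEARNING_EVENTS = [
    (100, "192.0.2.10", "open"), (100, "192.0.2.11", "open"),
    (100, "192.0.2.10", "open"), (101, "192.0.2.10", "open"),
    (101, "192.0.2.11", "close"), (102, "192.0.2.10", "close"),
    (102, "192.0.2.12", "open"), (103, "192.0.2.10", "open"),
]

def learn_baseline(events):
    """Return peak new sessions/second and peak concurrent sessions per client."""
    opens_per_second = Counter()
    active = Counter()  # currently open sessions per client
    peak_per_client = 0
    for ts, client, kind in sorted(events, key=lambda e: e[0]):
        if kind == "open":
            opens_per_second[ts] += 1
            active[client] += 1
            peak_per_client = max(peak_per_client, active[client])
        elif kind == "close" and active[client] > 0:
            active[client] -= 1  # ignore a close with no matching open
    return {
        "new_sessions_per_sec": max(opens_per_second.values(), default=0),
        "sessions_per_client": peak_per_client,
    }

def derive_limits(baseline, headroom_pct):
    """Learned peak plus x% headroom, rounded up so a limit never sits below the peak."""
    return {k: math.ceil(v * (100 + headroom_pct) / 100) for k, v in baseline.items()}

def violations(limits, observed):
    """Names of counters whose observed value exceeds the enforced limit."""
    return sorted(k for k, v in observed.items() if v > limits[k])

if __name__ == "__main__":
    baseline = learn_baseline(LEARNING_EVENTS)
    limits = derive_limits(baseline, headroom_pct=50)
    print("baseline:", baseline)
    print("limits:  ", limits)
    print("exceeded:", violations(limits, {"new_sessions_per_sec": 40,
                                           "sessions_per_client": 4}))
```

Running the derived limits in alert-only mode first shows how often legitimate peaks would have been cut before anything is dropped.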





  
